I was looking for a method for sandboxing submissions under Windows. Simple things, like blocking file I/O, etc. It seems that Codeforces itself runs on Windows, so I'm asking this here: do you have any input on this?
[EDIT] I would like to note I found these, but haven't tested any of it yet:
- https://github.com/DMOJ/judge (seems good, has wbox for Windows and cptbox for Unix, I will return when I take a better look)
- https://github.com/trailofbits/appjaillauncher-rs (disregarded as it will only run on Windows 8+)
- https://github.com/iceb0y/windows-container
AFAIK CodeForces uses Java as its main programming language. This might be helpful if you also choose Java for your project.
Maybe I misunderstood it, but isn't this only about running native Java code inside a Java sandbox? Thanks for the help!
Have you considered using docker?
It's fast and easy, but I think there is only docker for Windows 10.
If you are not familiar with docker I encourage you to read about it, I think it's a great tech ;) What I mean by using docker is running programs inside containers without being exposed to any risk.
I think there are some reasons not to use docker. First, it's not lightweight enough and costs a lot of time on startup, especially on Windows. And docker needs to be run as root (admin), but some IaaS do not provide that.
The heavy weight of docker also causes a problem: tons of dockers could hardly run together. If you run one submission in one docker, then you could hardly run 10+ submissions at once like Codeforces.
There are some docker-images which are really REALLY lightweight. I remember Debian in less than 20MB and Alpine in 4MB.
I don't think you can run tons of dockers together, but the main bottleneck won't be docker itself (setting up and starting the container) but the execution, similar to what is going to happen if you run submissions outside docker.
I used docker once on Windows and never tested the speed, but I partially implemented a mini-judge using docker for sandboxing (in Ubuntu), and I ran 20+ submissions locally on my PC and there was no big overhead created by docker.
Probably it is not the best option for a site like Codeforces, but I think it is a simple (and great) option for a small OJ.
I agree with the idea of using docker as a simple option. But I think docker for Windows is much slower than docker on Linux. What about Hyper-V instead of docker?
And I think docker is for general use, not only for OJ sandboxing. Maybe a sandbox made specially for OJs is a better choice.
Of course docker is not for that ;) docker is for A LOT of things, and it so happened that I met docker at the same time I was trying to build an online judge. The idea of using docker for sandboxing came to my mind at that moment.